Details
Assignee: Unassigned
Reporter: Gurudev S R
Labels
Edit Screen Preamble
<div class="notify info" style="margin-bottom: 10px;">
If you are a Pentaho customer, please use the <a href="http://support.pentaho.com">Customer Support portal</a> to log issues.
<p />
This system is used for logging bugs and enhancement requests only. Please use our <a href="https://community.pentaho.com">community at https://community.pentaho.com</a> if you have questions, configuration issues, or have an issue with a marketplace plugin as Pentaho does not support marketplace plugins unless written by Pentaho.
<p />
Lastly, when creating a bug, please provide as much detail as possible. To prevent unnecessary delays in reviewing your issue, please attach complete server logs, SQL/MDX logs where applicable, schemas, etc. Also, screen-shots and screen-cams are especially helpful in demonstrating the issue.
<p />
Thank-you so much,<br />
The Pentaho Team
</div>
Notice
<div class="notify info" style="margin-bottom: 10px;">
When an issue is open, the "Fix Version/s" field conveys a target, not necessarily a commitment. When an issue is closed, the "Fix Version/s" field conveys the version that the issue was fixed in.
</div>
Story Points: 0
Priority: Urgent
While performing penetration testing, they encountered a security failure due to the lack of a "Content-Security-Policy" having been implemented in the Pentaho User Console.
There are multiple ways to implement this:
1. At the proxy server level: https://www.sitepoint.com/improving-web-security-with-the-content-security-policy/
2. By writing a class and referencing it in the web.xml file: https://content-security-policy.com/examples/java/
3. By setting it in the META tags of the HTML/JSP files used in Pentaho.
We would like this Content-Security-Policy to be made available as part of the default Pentaho installation, either by writing an external class and referencing it in web.xml or by adding the attribute to the META tag of the JSP/HTML files.